...
| Code Block | ||
|---|---|---|
| ||
const char *p;
void dont_do_this(void) {
const char str[] = "This will change";
p = str; /* dangerous */
/* ... */
}
void innocuous(void) {
const char str[] = "Surprise, surprise";
}
/* ... */
dont_do_this();
innocuous();
/* p might be pointing to "Surprise, surprise" */
|
...
| Code Block | ||
|---|---|---|
| ||
void this_is_OK(void) {
const char str[] = "Everything OK";
const char *p = str;
/* ... */
}
/* p is inaccessible outside the scope of string str */
|
...
| Code Block | ||
|---|---|---|
| ||
const char *p;
void is_this_OK(void) {
const char str[] = "Everything OK?";
p = str;
/* ... */
p = NULL;
}
|
Noncompliant Code Example (Return Values)
...
| Code Block | ||
|---|---|---|
| ||
char *init_array(void) {
char array[10];
/* Initialize array */
return array;
}
|
Some compilers generate a warning when a pointer to an automatic variable is returned from a function, as in this example. Compile your code at high warning levels and resolve any warnings (see MSC00-C. Compile cleanly at high warning levels).
...
| Code Block | ||
|---|---|---|
| ||
void init_array(char array[]) {
/* Initialize array */
return;
}
int main(int argc, char *argv[]) {
char array[10];
init_array(array);
/* ... */
return 0;
}
|
Risk Assessment
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
DCL30-C | high | probable | high | P6 | L2 |
Automated Detection
...
Tool
...
Compliance
...
Description
...
ROSE
...
partial
The LDRA tool suite Version 7.6.0 can detect violations of this rule.
Fortify SCA Version 5.0 can detect violations when an array is declared in a function and then a pointer to that array is returned.
Splint Version 3.1.1 can detect violations of this rule.
Compass/ROSE can detect violations of this rule. It automatically detects returning pointers to local variables. Detecting more general cases, such as examples where static pointers are set to local variables which then go out of scope would be difficult.
...
LDRA tool suite V. 7.6.0
...
yes
...
...
Fortify SCA V. 5.0
...
yes
...
Can detect violations when an array is declared in a function and then a pointer to that array is returned.
...
Coverity Prevent
...
yes
...
The Coverity Prevent RETURN_LOCAL checker finds many instances where a function will return a pointer to a local stack variable.
...
Splint V. 3.1.1
...
yes
...
Coverity Prevent cannot discover all violations of this rule, so further verification is necessary.
Klocwork Version
...
8.0.4.16
...
yes
...
can detect violations of this rule with the LOCRET checker.
Cross References
Standard | Rule |
|---|---|
CERT C++ | DCL30-CPP. Declare objects with appropriate storage durations |
ISO/IEC PDTR 24772 | DCM Dangling references to stack frames |
MISRA C: 2004 | Rule 8.6 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
This rule appears in the C++ Secure Coding Standard as DCL30-CPP.
...
Declare objects with appropriate storage durations.
References
| Wiki Markup |
|---|
\[[Coverity 07|AA. C References#Coverity 07]\]
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.2.4, "Storage durations of objects," and Section 7.20.3, "Memory management functions"
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "DCM Dangling references to stack frames"
\[[MISRA 04|AA. C References#MISRA 04]\] Rule 8.6 |
...
DCL16-C. Use 'L', not 'l', to indicate a long value 02. Declarations and Initialization (DCL)